Why your banking and payments are now more secure than ever


    If you use banking apps and online banking services, you might have noticed an increase in prompts for authentication when accessing your account or when shopping online.

    This is due to the implementation of an EU law called the Payment Services Directive, or PSD2. This was introduced on 13 January 2018, but was fully implemented from September 2019.

    The initiation of PSD2 might have gone under the radar for most, but the effects of the legislation introduced by the EU and implemented by the Financial Conduct Authority (FCA) are now being seen by all banking customers.

    Why was PSD2 introduced?
    The new law was introduced to step up protections for consumers and their payments, and also to help customers of banks, building societies, e-money institutions and payment institutions control their money more effectively.

    What does PSD2 mean for your banking?
    PSD2 will give you better control of your finances and help you to maintain oversight of your money. Changes it will bring include:

    1. Account aggregation services
    To help customers manage their money more effectively, account aggregation services will be introduced to bring customers’ banking data into one place. This is supported by the UK’s Open Banking Initiative, which aims to make it easier to understand your accounts and where your data is being held and shared.

    2. Direct Debit refunds
    Customers will be able to request a refund of any Direct Debit from their bank or financial services provider with “no questions asked”, if made within eight weeks of the amount being charged to the account.

    3. Improved complaints procedures
    If you feel your rights have not been respected by your payment service, you will be able to use a complaints procedure before needing to seek out-of-court amends or before taking the payment provider to court. As part of this procedure, payment providers must respond to any written complaint within 15 business days, meaning your complaints will be heard and dealt with much quicker.

    4. More options for banking providers
    The new law will increase competition in the payments market, allowing non-banking businesses to offer payment services. These include FinTech companies and other third-party providers, who will now be allowed to provide services under the same stringent rules as banking organisations.

    What does PSD2 mean for your payments?
    PSD2 will mean better protection procedures for your payments, which will keep your money and your identity safer online.

    These include:
    1. Increased authentication for increased security
    Under the rule of “strong customer authentication”, or SCA, payment service providers will have to ask customers to give two or more of the following elements for security:

    • Knowledge: something only the customer would know, such as a password or a PIN
    • Possession: something only the customer would have, such as a mobile phone for receiving a confirmation text
    • Inherence: something inherently unique to the customer, such as fingerprint or voice recognition

    This will be generally enforced for all payments over €30 , unless specific exemptions apply.

    2. Fewer charges for spending your money
    Retailers won’t be able to charge for using a debit or credit card to pay, meaning you keep more of your money when buying things online or offline.

    Find out more about how to stay safe shopping online from the Money Advice Service

    What does PSD2 mean for your security?
    The new legislation should lead to a reduction in fraud, as the multi-factor authentication required to make purchases will make it harder for criminals to use stolen identities.

    Other ways in which your security will be increased will include:
    1. Maximum liability for fraudulent payment
    If a fraudulent payment is made on an account, customers will only be liable for up to €50 , unless the customer has been “grossly negligent” at keeping their details safe.

    2. Better data protection
    The General Data Protection Regulation (GDPR) already protects your data from being shared without your permission, but the PSD2 reinforces this by only allowing payment service providers to access your data when you request it for a new service.

    Find out more about how to stay safe when making payments with Which?

    Where can you find more information?
    You can find out more on how your banking and data might be affected by PSD2 on the FCA website, or read more about open banking with the Money Advice Service.

    Your home may be repossessed if you do not keep up repayments on your mortgage. Loans are subject to status, terms and conditions. This website is for information purposes only. If you are in any doubt regarding suitability of our products please seek advice from an accredited independent mortgage adviser.

    Your eligible deposits with Castle Trust Bank are protected up to a total of £85,000 by the Financial Services Compensation Scheme, the UK’s deposit guarantee scheme. Any deposits you hold above the limit are unlikely to be covered. For further information about the compensation provided by the FSCS, refer to the FSCS website at fscs.org.uk.

    Castle Trust Bank means Castle Trust Capital plc, a company incorporated in England and Wales with company number 07454474 and registered office at 10 Norwich Street, London, EC4A 1BD. Castle Trust Capital plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, under reference number 541910.

    © 2021 Castle Trust Bank. All rights reserved.